Editors note: This story was published by Recode on September 20, 2016, after it was revealed that 500 million Yahoo user accounts were breached. On December 14, Yahoo said it was the victim of an even bigger hack (read about it here).

If you've ever signed up for an account with Yahoo, there's cause for concern. The company confirmed today, after Recode broke the story last night, that 500 million user accounts were breached in a massive hack.

That's larger than the population of the United States and Mexico combined.

But our email accounts are packed with personal information. We send people we trust our account details for all kinds of services over email, and whether it's as benign as a Netflix password or as potentially devastating as a pornography website login or credit card number, we expect our email accounts to be password-protected and private.

If you have a Yahoo account, here's what you should do.

Change all your passwords

Not just your Yahoo account. Make a list of all the online accounts where you store sensitive information. Update all your passwords to make them long and strong. Be sure to give each separate account a unique password, too. No repeats.

The best way to keep track of all your new passwords is with a password manager, which stores all your account details in an encrypted vault on your smartphone and your desktop. You can find some great free or extremely cheap ones online. Do some digging and find an option that works best for you.

Then visit the account settings of services you've connected to your Yahoo account and disconnect them immediately.

Switch to Gmail or use encryption

Gmail is endorsed by security researchers for being a secure service that most people can trust. If you want an airtight layer of protection, you can always setup a PGP key so only the intended recipient can decrypt your emails.

Enable two-factor authentication for all accounts and update apps

If you want to log in to your accounts, you should be able to verify you're the one trying to log in and not someone else. That means employing more than just an easily sharable password to authenticate your login attempt.

Most services offer the option to text a code to a phone number on file for your account so only a person with both your password and your cellphone can access. Make sure all your apps and services are fully updated to take advantage of any recent security improvements.

Don’t open shady emails

Hackers often try to bait people into opening emails or attachments that may contain malware. Don't open the email if you're unsure. And if you do open an email and then decide it might be a hacker, do not open the attachments. Delete it.